Obfuscate service names

Cargo.lock

@@ -1194,6 +1194,7 @@ dependencies = [
  "json",
  "log",
  "ns-keyed-archive",
+ "obfstr",
  "plist",
  "rand 0.9.1",
  "reqwest",
@@ -1680,6 +1681,12 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "obfstr"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0d354e9a302760d07e025701d40534f17dd1fe4c4db955b4e3bd2907c63bdee"
+
 [[package]]
 name = "object"
 version = "0.36.7"

ffi/Cargo.toml

@@ -29,6 +29,7 @@ misagent = ["idevice/misagent"]
 mobile_image_mounter = ["idevice/mobile_image_mounter"]
 location_simulation = ["idevice/location_simulation"]
 pair = ["idevice/pair"]
+obfuscate = ["idevice/obfuscate"]
 rsd = ["idevice/rsd"]
 syslog_relay = ["idevice/syslog_relay"]
 tcp = ["idevice/tcp"]

idevice/Cargo.toml

@@ -48,6 +48,8 @@ x509-cert = { version = "0.2", optional = true, features = [
   "pem",
 ], default-features = false }
 
+obfstr = { version = "0.4", optional = true }
+
 [dev-dependencies]
 tokio = { version = "1.43", features = ["full"] }
 tun-rs = { version = "2.0.8", features = ["async_tokio"] }
@@ -68,6 +70,7 @@ misagent = []
 mobile_image_mounter = ["dep:sha2"]
 location_simulation = []
 pair = ["chrono/default", "tokio/time", "dep:sha2", "dep:rsa", "dep:x509-cert"]
+obfuscate = ["dep:obfstr"]
 rsd = ["xpc"]
 syslog_relay = ["dep:bytes"]
 tcp = ["tokio/net"]

idevice/src/services/afc/mod.rs

@@ -11,7 +11,7 @@ use log::warn;
 use opcode::{AfcFopenMode, AfcOpcode};
 use packet::{AfcPacket, AfcPacketHeader};
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 pub mod errors;
 pub mod file;
@@ -62,7 +62,7 @@ pub struct DeviceInfo {
 
 impl IdeviceService for AfcClient {
     fn service_name() -> &'static str {
-        "com.apple.afc"
+        obf!("com.apple.afc")
     }
 
     /// Connects to the AFC service on the device

idevice/src/services/amfi.rs

@@ -2,7 +2,7 @@
 
 use plist::Dictionary;
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the AMFI service on the device
 pub struct AmfiClient {
@@ -13,7 +13,7 @@ pub struct AmfiClient {
 impl IdeviceService for AmfiClient {
     /// Returns the amfi service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.amfi.lockdown"
+        obf!("com.apple.amfi.lockdown")
     }
 
     /// Establishes a connection to the amfi service

idevice/src/services/core_device_proxy.rs

@@ -13,7 +13,7 @@
 //! # Features
 //! - `tunnel_tcp_stack`: Enables software TCP/IP tunnel creation using a virtual adapter. See the tcp moduel.
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 use byteorder::{BigEndian, WriteBytesExt};
 use serde::{Deserialize, Serialize};
@@ -94,7 +94,7 @@ pub struct CoreDeviceProxy {
 impl IdeviceService for CoreDeviceProxy {
     /// Returns the name of the service used for launching the CoreDeviceProxy.
     fn service_name() -> &'static str {
-        "com.apple.internal.devicecompute.CoreDeviceProxy"
+        obf!("com.apple.internal.devicecompute.CoreDeviceProxy")
     }
 
     /// Connects to the CoreDeviceProxy service

idevice/src/services/crashreportcopymobile.rs

@@ -9,7 +9,7 @@
 
 use log::{debug, warn};
 
-use crate::{afc::AfcClient, lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{afc::AfcClient, lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for managing crash logs on an iOS device.
 ///
@@ -23,7 +23,7 @@ pub struct CrashReportCopyMobileClient {
 impl IdeviceService for CrashReportCopyMobileClient {
     /// Returns the name of the CrashReportCopyMobile service.
     fn service_name() -> &'static str {
-        "com.apple.crashreportcopymobile"
+        obf!("com.apple.crashreportcopymobile")
     }
 
     /// Connects to the CrashReportCopyMobile service on the device.

idevice/src/services/heartbeat.rs

@@ -3,7 +3,7 @@
 //! iOS automatically closes service connections if there is no heartbeat client connected and
 //! responding.
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS device heartbeat service
 ///
@@ -20,7 +20,7 @@ pub struct HeartbeatClient {
 impl IdeviceService for HeartbeatClient {
     /// Returns the heartbeat service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.mobile.heartbeat"
+        obf!("com.apple.mobile.heartbeat")
     }
 
     /// Establishes a connection to the heartbeat service

idevice/src/services/house_arrest.rs

@@ -6,7 +6,7 @@
 
 use plist::{Dictionary, Value};
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 use super::afc::AfcClient;
 
@@ -22,7 +22,7 @@ pub struct HouseArrestClient {
 impl IdeviceService for HouseArrestClient {
     /// Returns the name of the HouseArrest service as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.mobile.house_arrest"
+        obf!("com.apple.mobile.house_arrest")
     }
 
     /// Establishes a connection to the HouseArrest service

idevice/src/services/installation_proxy.rs

@@ -8,7 +8,7 @@ use std::collections::HashMap;
 use log::warn;
 use plist::Dictionary;
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS installation proxy service
 ///
@@ -22,7 +22,7 @@ pub struct InstallationProxyClient {
 impl IdeviceService for InstallationProxyClient {
     /// Returns the installation proxy service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.mobile.installation_proxy"
+        obf!("com.apple.mobile.installation_proxy")
     }
 
     /// Establishes a connection to the installation proxy service

idevice/src/services/lockdown.rs

@@ -7,7 +7,7 @@ use log::error;
 use plist::Value;
 use serde::{Deserialize, Serialize};
 
-use crate::{pairing_file, Idevice, IdeviceError, IdeviceService};
+use crate::{obf, pairing_file, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS lockdown service
 ///
@@ -23,7 +23,7 @@ pub struct LockdownClient {
 impl IdeviceService for LockdownClient {
     /// Returns the lockdown service name as registered with the device
     fn service_name() -> &'static str {
-        "com.apple.mobile.lockdown"
+        obf!("com.apple.mobile.lockdown")
     }
 
     /// Establishes a connection to the lockdown service

idevice/src/services/misagent.rs

@@ -6,7 +6,7 @@
 use log::warn;
 use plist::Dictionary;
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS misagent service
 ///
@@ -22,7 +22,7 @@ pub struct MisagentClient {
 impl IdeviceService for MisagentClient {
     /// Returns the misagent service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.misagent"
+        obf!("com.apple.misagent")
     }
 
     /// Establishes a connection to the misagent service
@@ -219,4 +219,3 @@ impl MisagentClient {
         }
     }
 }
-

idevice/src/services/mobile_image_mounter.rs

@@ -9,7 +9,7 @@
 
 use log::debug;
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 use sha2::{Digest, Sha384};
 
 #[cfg(feature = "tss")]
@@ -30,7 +30,7 @@ pub struct ImageMounter {
 impl IdeviceService for ImageMounter {
     /// Returns the image mounter service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.mobile.mobile_image_mounter"
+        obf!("com.apple.mobile.mobile_image_mounter")
     }
 
     /// Establishes a connection to the image mounter service

idevice/src/services/os_trace_relay.rs

@@ -7,7 +7,7 @@ use chrono::{DateTime, NaiveDateTime};
 use plist::Dictionary;
 use tokio::io::AsyncWriteExt;
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS device OsTraceRelay service
 pub struct OsTraceRelayClient {
@@ -18,7 +18,7 @@ pub struct OsTraceRelayClient {
 impl IdeviceService for OsTraceRelayClient {
     /// Returns the OsTraceRelay service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.os_trace_relay"
+        obf!("com.apple.os_trace_relay")
     }
 
     /// Establishes a connection to the OsTraceRelay service

idevice/src/services/springboardservices.rs

@@ -3,7 +3,7 @@
 //! Provides functionality for interacting with the SpringBoard services on iOS devices,
 //! which manages home screen and app icon related operations.
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS SpringBoard services
 ///
@@ -17,7 +17,7 @@ pub struct SpringBoardServicesClient {
 impl IdeviceService for SpringBoardServicesClient {
     /// Returns the SpringBoard services name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.springboardservices"
+        obf!("com.apple.springboardservices")
     }
 
     /// Establishes a connection to the SpringBoard services
@@ -104,4 +104,3 @@ impl SpringBoardServicesClient {
         }
     }
 }
-

idevice/src/services/syslog_relay.rs

@@ -1,6 +1,6 @@
 //! iOS Device SyslogRelay Service Abstraction
 
-use crate::{lockdown::LockdownClient, Idevice, IdeviceError, IdeviceService};
+use crate::{lockdown::LockdownClient, obf, Idevice, IdeviceError, IdeviceService};
 
 /// Client for interacting with the iOS device SyslogRelay service
 pub struct SyslogRelayClient {
@@ -11,7 +11,7 @@ pub struct SyslogRelayClient {
 impl IdeviceService for SyslogRelayClient {
     /// Returns the SyslogRelay service name as registered with lockdownd
     fn service_name() -> &'static str {
-        "com.apple.syslog_relay"
+        obf!("com.apple.syslog_relay")
     }
 
     /// Establishes a connection to the SyslogRelay service

idevice/src/util.rs

@@ -126,3 +126,17 @@ fn print_plist(p: &Value, indentation: usize) -> String {
         _ => "Unknown".to_string(),
     }
 }
+
+#[macro_export]
+macro_rules! obf {
+    ($lit:literal) => {{
+        #[cfg(feature = "obfuscate")]
+        {
+            obfstr::xref!($lit)
+        }
+        #[cfg(not(feature = "obfuscate"))]
+        {
+            $lit
+        }
+    }};
+}

justfile

@@ -28,7 +28,7 @@ xcframework: apple-build
 apple-build: # requires a Mac
   # iOS device build
   BINDGEN_EXTRA_CLANG_ARGS="--sysroot=$(xcrun --sdk iphoneos --show-sdk-path)" \
-    cargo build --release --target aarch64-apple-ios
+    cargo build --release --target aarch64-apple-ios --feature obfuscate
 
   # iOS Simulator (arm64)
   BINDGEN_EXTRA_CLANG_ARGS="--sysroot=$(xcrun --sdk iphonesimulator --show-sdk-path)" \